GLOBE.LU News

There is a critical vulnerability in the online shop system Prestashop, through which unregistered attackers from the network can completely compromise the system. Cyber criminals are already using the vulnerability to attack credit card data on a large scale. english: https://friends-of-presta.github.io/security-advisories/modules/2023/05/11/possearchproducts.html german: https://www.heise.de/news/Shopsystem-Kritische-Sicherheitsluecke-in-Prestashop-wird-angegriffen-9010286.html

Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites It is possible to reset the password of any user as long as we know their username thus being able to reset the password of the administrator and login on their account. This vulnerability occurs because this password reset function does not validate a password reset key and instead directly changes the […]

PrestaShop: Angreifer könnten Datenbank manipulieren Eine kritische Sicherheitslücke bedroht mit PrestaShop erstellte Onlineshops. Details: https://www.heise.de/news/Onlineshop-System-PrestaShop-Angreifer-koennten-Datenbank-manipulieren-8980645.html User von Onlineshops, die auf die Open-Source-E-Commerce-Plattform PrestaShop aufbauen, sollten ihre Systeme zeitnah auf den aktuellen Stand bringen. Geschieht dies nicht, könnten Angreifer an mehreren Sicherheitslücken ansetzen.

Hochriskante Sicherheitslücke in WordPress Plug-in – Elementor Pro Angreifer missbrauchen eine Sicherheitslücke im WordPress-Plug-in „Elementor Pro“ zum Einbrechen in Webseiten. Updates umgehend installieren! Eine als hochriskant eingestufte Sicherheitslücke im WordPress-Plug-in Elementor Pro wird von Angreifern missbraucht, um administrativen Zugang zu den WordPress-Webseiten zu erlangen. https://www.heise.de/news/Wordpress-Hochriskante-Luecke-in-Elementor-Pro-wird-angegriffen-8384344.html High severity vulnerability in WordPress Elementor Pro plugin https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin/

Sicherheitslücke in Microsoft Outlook für Windows Es ist eine schwere Sicherheitslücke in Microsoft Outlook für Windows bekannt geworden. Sie ermöglicht es mit speziell manipulierten Mails den NTLM Hash des Client Benutzers auszuleiten. Sie erhalten ein Outlook Update über die regulären Windows Updates oder bei neueren Outlooks direkt über das Programm: Datei > Office-Konto > Updateoptionen Details: https://www.heise.de/news/Microsoft-Outlook-Luecke-Proof-of-Concept-verfuegbar-Sorge-vor-Angriffen-7714602.html

Improve your client account security. Enable two-factor authentication to start using it with your GLOBE.LU account. Two-Factor Authentication adds an extra layer of protection to logins. Once enabled & configured, each time you sign in you will be asked to enter both your username & password as well as a second factor such as a security code. 1. Please download the appropriate app to your […]

All OX App Suite plans include access to Webmail, Calendar, Tasks and Address Book. The Productivity package adds OX Drive and OX Documents (Text, Spreadsheets and Presentations). – CardDAV & CalDAV – Mobile & Desktop Access (IMAP) – Shared Calendars, Contacts, Tasks – Self-Service Migration Tool – Premium Anti-Virus & Anti-Spam Details: https://www.globe.lu/clients/index.php/store/professional-email?language=english

The drag & drop website builder enables You to create a professional website without any technical knowledge. Choose different elements to add photos, maps or videos, just select and drag to desired place. 150+ Templates, Pre-designed Building Blocks, Built-in Mobile-Friendly (100% responsive). – 150+ Templates – Pre-designed Building Blocks – Built-in Mobile-Friendly Whether you want to promote yourself or your business, our site builder is […]

New website and client area with improved support for mobile devices.

Meta warns: These apps steal passwords Details: https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/ Android Apps: —————————————- Android Package Name | App Name —————————————- al.puik.cus | CallShowLite apex.hoolom.racecar.app | Apex Race Game callerscreen.paper.ringshow | CallerPaper Show com.abs.provideo_editor | Video Converter Master com.acetoon.studio.facephoto | Acetoon Photo Cartoon com.addtextcoon.shapermoter | Photo Frame PIP Collage Maker com.adonarusso.daily.horoscope | ZodiHoroscope – Fortune Finder com.ads_manager_helper | Ads Manager Helper com.ads.optimization | Ad Optimization Meta com.adsagency.socialmng | […]

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild! On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. Details https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

WordPress 6.0.2 Security and Maintenance Release This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. https://www.heise.de/news/Sicherheitsupdate-Angreifer-koennten-WordPress-Websites-attackieren-7249431.html?wt_mc=nl.red.security.security-nl.2022-09-01.link.link

A NEWLY FOUND EXPLOIT COULD ALLOW REMOTE ATTACKERS TO TAKE CONTROL OF YOUR SHOP. Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites. For details, please read the entire article. Details: https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/ Please Update now!

On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. We uncovered a code injection vulnerability that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection. This could allow […]

The WordPress plugin UpdraftPlus is vulnerable. If exploited, the vulnerability could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). Details: https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/#more-141314 https://www.heise.de/news/WordPress-Plug-in-UpdraftPlus-koennte-Website-Backups-leaken-6510427.html?wt_mc=nl.red.security.security-nl.2022-02-24.link.link

As a reminder if you are having trouble sending or receiving emails. TLS versions 1.0 and 1.1 are no longer supported for email clients and webbrowsers. This can lead to problems receiving and sending emails, if you are still using an email client with an older operating system. To fix these problems, you need to update your operating system and email client software to the […]

WordPress Security The latest WordPress security news, tips and updates: https://ithemes.com/blog/category/wordpress-security/

All shared hosting packages: PHPmyadmin and webmail (Roundcube) were updated to the latest version today.

WordPress Plugin – Critical Vulnerability in Essential Addons for Elementor Plugin Details: https://www.heise.de/news/WordPress-Plug-in-Essential-Addons-for-Elementor-als-Schadcode-Schleuder-6344583.html?wt_mc=nl.red.security.security-nl.2022-02-03.link.link https://patchstack.com/articles/critical-vulnerability-fixed-in-essential-addons-for-elementor-plugin/